There are a few things going on here, and this code is derived from this post, but the basic idea is to create a random token using random_bytes(), build the URL for the email, then hash the token and store it in our password_reset table so we can verify incoming password resets against it.

Ayo

Well, that’s checking to see if what’s stored in the database matches what was sent from the link in the email for the reset. So, false means they don’t match for some reason. Why? Couldn’t 100% tell you. Depends what’s going on deeper down in your script.

$results comes from a database query. You’ll see it at the top of the last code snippet. $auth_token is derived from $results so it all comes from the same place. Basically, you’re querying the database to get the auth_token stored there and checking it against what was submitted by the user.

Neha Hussaini

August 14, 2018 at 2:32 pm

$user = $this->user_exists($auth_token->email, 'email');

What is this line checking? Is it checking if the email in the database ($auth_token->email) matches the user email ('email') trying to reset the password? If so, how are you getting the user email ('email') value?

$auth_token is the token record from the database (see the first chunk of code on this page). That record includes the email address of the user we’re resetting. user_exists() checks to see if that user exists in our user table and if so, grabs that user record. Which is why it’s set equal to $user.

Hello, my question is related to this line:

// Delete any existing tokens for this user
$this->db->delete('password_reset', 'email', $user->email);

So, in my files I store db connection data in $con, so how should I modify this line to make it work? I have already tried to replace $this with $con but I got back a fatal error with this line, plus I don’t really understand what these -> arrays actually do.

$this->db is referencing another class that’s extended by the one all this code is in. delete() is a method in that class. So, if you’re storing your connection data in $con, you not only need to completely replace $this->db, but you either need to write a delete() function/method and use that in its place… something like $con->delete(). OR, you just write your delete code out here.
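
The flow discussed on this page (random token from random_bytes(), hashed copy in password_reset, deletion of older tokens, comparison on reset) written against a bare connection object, as an added example that is not the post's code or any commenter's. It assumes $con is a PDO connection; the token_hash and expires columns, the function names, the lookup by email and the example.com values are assumptions.

```php
<?php
// Added example. Assumes $con is a PDO connection; columns other than `email`
// are assumed names. In-memory SQLite stands in for the real database.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE password_reset (email TEXT, token_hash TEXT, expires INTEGER)');

function create_reset_token(PDO $con, string $email, int $ttl = 3600): string
{
    // Delete any existing tokens for this user, written out as a prepared
    // statement instead of the $this->db->delete() helper.
    $con->prepare('DELETE FROM password_reset WHERE email = ?')->execute([$email]);

    $token = bin2hex(random_bytes(32)); // raw token, only ever placed in the emailed URL
    $con->prepare('INSERT INTO password_reset (email, token_hash, expires) VALUES (?, ?, ?)')
        ->execute([$email, hash('sha256', $token), time() + $ttl]);

    return $token; // the database holds only the hash
}

function verify_reset_token(PDO $con, string $email, string $token): bool
{
    $stmt = $con->prepare('SELECT token_hash, expires FROM password_reset WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No record for this email, or the record is past its expiry time.
    if ($row === false || (int) $row['expires'] < time()) {
        return false;
    }
    // Constant-time comparison of the stored hash with the hash of the submitted token.
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    // Single use: remove the record once it has matched.
    $con->prepare('DELETE FROM password_reset WHERE email = ?')->execute([$email]);
    return true;
}

// Constructed sample run.
$email = 'user@example.com';
$token = create_reset_token($con, $email);
$url   = 'https://example.com/reset?email=' . urlencode($email) . '&token=' . $token;

var_dump(verify_reset_token($con, $email, 'wrong-token')); // mismatched token
var_dump(verify_reset_token($con, $email, $token));        // token from the emailed URL
var_dump(verify_reset_token($con, $email, $token));        // same token replayed
```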